This Web site (http://www.csl.sri.com/neumann/chats.html) can also be reached
from the top-level CSL Web site (http://www.csl.sri.com) by clicking on "CSL
Staff" and then "Neumann", then "our CHATS project".

Task 1 (two years, extended to 3.5 years):
Distributed system and network architectures with
high survivability and security, interoperability, composability, and
evolvability, and with the potential for high assurance, exploiting the
open-source paradigm (but typically applicable to proprietary
closed-source software as well). This is a long-term approach that
includes various short-term payoffs. The task is led by Peter
Neumann, with participation of Drew Dean, with oversight
from the project advisory board. This task addresses composability, high
assurance, and trustworthiness within a coherent approach, with three
subtasks.

Subtask 1.3 --- Architecture:
In an evolving manner throughout the project, specify CHATS-relevant
architectural frameworks for high survivability and high security,
respectful of the principles and the needs for robust composability and
interoperability.

Task 2 (two years):
SRI consulting pool for the CHATS program as a whole.
The other CHATS projects were invited to request our involvement in
their projects, as appropriate.

Task 3 (first year only, work now completed):
This task involves a short-term, potentially
high-payoff approach, with static analysis capable of detecting
fundamental, characteristic, common security vulnerabilities in source code.
The approach combines models of the vulnerabilities with model checking
related to the source code. The approach is intentionally open-ended,
with linearly increasing complexity of composability as various new
vulnerability types are accommodated. The team for this task includes
Professor David Wagner and two of his graduate students in the Computer
Science Department at the University of California at Berkeley, with
participation of Drew Dean at SRI and supervision of Peter Neumann. See
David Wagner's project site for emerging progress information on this
task. A plan for how
the software developments of this task could subsequently be integrated
into the EMERALD framework will be included in Task 1. Several different
approaches are foreseen, such as (a) automatically coupling the
vulnerability models with EMERALD rule bases, and (b) applying the static
analysis to EMERALD modules.

Peter Neumann's final report for the Army Research Lab,
Practical Architectures for Survivable Systems and Networks,
30 June 2000, is available on his Web site, for browsing in html
and for printing in PostScript and in pdf.
From the abstract:
This report summarizes the analysis of information system
survivability. It considers how survivability relates to other requirements
such as security, reliability, and performance. It considers a hierarchical
layering of requirements, as well as interdependencies among those
requirements. It identifies inadequacies in existing commercial systems and
the absence of components that hinder the attainment of survivability. It
recommends specific architectural structures and other approaches that can
help overcome those inadequacies, including research and development
directions for the future. It also stresses the importance of system
operations, education, and awareness as part of a balanced approach toward
attaining survivability.